package com.config;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // 放行自定义的唯一登录界面，login
                .mvcMatchers("/login.html").permitAll()
                .mvcMatchers("/index").permitAll() // 放行资源写在任何前面
                .mvcMatchers("/hello").authenticated() // 明确指定 /hello 需要认证
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login.html") // 用来指定默认登录页面 注意：一旦自定义登录页面以后必须只能登录url
                .loginProcessingUrl("/doLogin")  // 指定处理登录请求 url
                .usernameParameter("uname")
                .passwordParameter("passwd")
                .and()
                .csrf().disable(); // 禁止 csrf 跨站请求保护
    }
}